© 2021 Elsevier LtdThe electricity demands are floated through smart grid (SG) devices to a remote power management system and utility center (UC) for utilizing energy-based services, while the UCs manage the distribution of power. Nevertheless, in smart grid systems, the communication messages are susceptible to various threats, since the information related to power consumption is communicated over an unsafe public channel. Therefore, a secure authenticated key agreement scheme is crucial for dispensing energy-based services to legal subscribers. In this regard, Yu et al. designed a secure authentication scheme for smart grid-based demand response management. Nevertheless, we discover that Yu et al.’s protocol is prone to replay attack, denial-of-service attack, and many technical defects in the protocol. Thus, we propose an anonymous and lightweight authenticated key agreement protocol for smart grid-based demand response management countering the limitations in Yu et al.’s scheme. Our scheme may withstand known security attacks, and also supports privacy as well as mutual authentication. We evaluate the security properties of contributed protocol employing informal security analysis and proved the security of session key between the utility center and smart grid using Burrows Abadi Needham (BAN) logic analysis and ProVerif automated simulation. The achieved results sufficiently advocate the practical implementation of the scheme.